OpenClaw's `system.run` env override filtering allowed dangerous helper-command pivots

Summary system.run env override sanitization allowed dangerous override-only helper-command pivots to reach subprocesses. A caller who could invoke system.run with env overrides could bypass allowlist/approval intent by steering an allowlisted tool through helper-command or config-loading...

Arbitrary File Upload

Overview Affected versions of this package are vulnerable to Arbitrary File Upload via the GITSSHCOMMAND command. An attacker can execute arbitrary code and gain full control over the system by remotely overwriting configuration files. Remediation Upgrade Weblate to version 5.15.1 or higher...